Castopod
/
AntennaPod
mirror of https://github.com/AntennaPod/AntennaPod.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #3191 from jas14/stricter-db-import 

Check SQLite3 magic bytes before import
This commit is contained in:
H. Lehmann 2019-05-27 12:44:44 +02:00 committed by GitHub
parent 35770dc2e2 09e138b51f
commit 46103883ce
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 30 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
app/src/main/java/de/danoeh/antennapod/activity/ImportExportActivity.java
View File

@ -23,6 +23,7 @@ import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.channels.FileChannel;
import java.util.Arrays;
import de.danoeh.antennapod.R;
import de.danoeh.antennapod.core.preferences.UserPreferences;
@ -109,9 +110,14 @@ public class ImportExportActivity extends AppCompatActivity {
}
private void restoreFrom(Uri inputUri) {
File currentDB = getDatabasePath(PodDBAdapter.DATABASE_NAME);
InputStream inputStream = null;
try {
if (!validateDB(inputUri)) {
displayBadFileDialog();
return;
}
File currentDB = getDatabasePath(PodDBAdapter.DATABASE_NAME);
inputStream = getContentResolver().openInputStream(inputUri);
FileUtils.copyInputStreamToFile(inputStream, currentDB);
displayImportSuccessDialog();
@ -123,6 +129,28 @@ public class ImportExportActivity extends AppCompatActivity {
}
}
private static final byte[] SQLITE3_MAGIC = "SQLite format 3\0".getBytes();
private boolean validateDB(Uri inputUri) throws IOException {
try (InputStream inputStream = getContentResolver().openInputStream(inputUri)) {
byte[] magicBuf = new byte[SQLITE3_MAGIC.length];
if (inputStream.read(magicBuf) == magicBuf.length) {
return Arrays.equals(SQLITE3_MAGIC, magicBuf);
}
}
return false;
}
private void displayBadFileDialog() {
AlertDialog.Builder d = new AlertDialog.Builder(ImportExportActivity.this);
d.setMessage(R.string.import_bad_file)
.setCancelable(false)
.setPositiveButton(android.R.string.ok, ((dialogInterface, i) -> {
// do nothing
}))
.show();
}
private void displayImportSuccessDialog() {
AlertDialog.Builder d = new AlertDialog.Builder(ImportExportActivity.this);
d.setMessage(R.string.import_ok);

1
core/src/main/res/values/strings.xml
View File

@ -797,4 +797,5 @@
<string name="notification_channel_playing_description">Allows to control playback. This is the main notification you see while playing a podcast.</string>
<string name="notification_channel_error">Errors</string>
<string name="notification_channel_error_description">Shown if something went wrong, for example if download or gpodder sync fails.</string>
<string name="import_bad_file">Invalid/corrupt file</string>
</resources>